SEH Record Exploitation

A lot of programming languages, like C, C++, Java, Python, Ruby, etc., have exception support. In the event of an exception, the program searches back through the stack of function calls until an exception handler is found. The pointers to the exception handlers are stored in the stack frame of each function. So, in effect, we have a function pointer on the stack that we can overwrite if we have a buffer overflow.

JavaScript SetOffset()

While doing a JavaScript exploit, I found that there isn’t a convenient function in JavaScript to set specific code at a specific offset in a given string.

Gera's Insecure Programming warming up stack #1 (ROP NX/ASLR Bypass)

I started gera’s exercises on format string vulnerabilities. I am going to start on the stack next. This post will be my first ROP practice and it was fun :). The main purpose of the “warming up the stack” exercises is to just bypass the canary. However, I wanted to make it harder and get a shell out of it.

CSAW CTF: Munchbrunch Writeup

#Web200

CSAW CTF: Networking 1 Writeup

This challenge provided a pcap file and the question “What am I searching for?”. A hint dropped in the IRC channel by hockeyinjune helped us to look in the right place.

CSAW CTF: Inchbinge Writeup

#Web 400

CSAW CTF: BluesNews Writeup

For Web Challenge 300, you were presented with a news website, BluesNews.

CSAW CTF Exploitation bin2 Solution

This past weekend, the ISIS lab held CSAW CTF quals. For more information about the event see: csawctf.poly.edu